<?php
	class LoginAction extends Action{
		//登录首页
		public function index(){
			$this->display();
		}
		//验证码
		public function verify(){
            import('Class.Image',APP_PATH);
            Image::verify();
        }
        /* 登陆处理*/
        public function login()
        {
            /*adris arqiliq kiriwallghan bolsa*/
            if (!IS_POST) halt('页面不存在');
            /*testiq kodi toghura bolmisa*/
            if (I('code', '', 'md5') != session('verify')) $this->error('验证码错误');
            /*abuntning ismini sandandin izdeymiz*/
            $condition['username'] = I('username');
            /*munasiwetlik uchurlarni suzup alimiz*/
            $user = M('user')->where($condition)->find();
            /*quluplanghan yaki emeslikini tekshureymiz*/
            if ($user['lock']) $this->error('账户名已被锁定');
            /*waqitliq quluplanghan liqini tekshureymiz*/
            if ($user['logintime'] > time()) {
                $this->error('账户名已被暂时锁定一个小时后请重试');
            }
            /*eger xata kirguzse munasiwetlik uchur qayturmiz  bash qetimdin eship ketse waqitliq quluplaymiz*/
            if (!$user || $user['password'] != I('password', '', 'md5')) {
                $_SESSION['lock_number'] = $_SESSION['lock_number'] + 1;
                if ($_SESSION['lock_number'] >= 4) {
                    $data_time = array(
                        'id' => $user['id'],
                        'logintime' => time() + 3600,
                    );
                    M('user')->save($data_time);
                }
                $this->error('账户名或密码错误');
            }
            $data = array(
                'id' => $user['id'],
                'loginip' => get_client_ip(),
                'logintime' => time(),
            );
            /*kirgen waqtini ip adressininxatirleymiz  andin betke kirguzwetimiz*/
            M('user')->save($data);

            session('uid', $user['id']);
            session('username', $user['username']);
            session('logintime', $user['logintime']);
            session('loginip', $user['loginip']);
            if($user['username'] == C(RBAC_SUPERADMIN)){
                session(C('ADMIN_AUTH_KEY'), true);
            }
            import('ORG.Util.RBAC');
            RBAC::saveAccessList();
            redirect(U(GROUP_NAME.'/Index/index'));
        }
	}
?>